The Connection Between Software Design and Software Security
Wired reported in early June of this year that there has been a bug in the popular OpenSSL for over a decade that could allow bad guys to eavesdrop on connections, including VPN connections. According to the article, the bug is mostly found in Android phones and VPN software. I hope my Android phone is […]
What is the Most Dangerous Code in the World?
It seems to be the software that we’re all relying on to protect our financial transactions and other critical network communications. One of the main points of the first chapter of Learning Tree’s Cloud Security Essentials course is that it is very difficult to design and implement secure software. The course demonstrates this with a […]
Why Must We Still Fear the BEAST, and What Can We Do?
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]